Authenticating a vehicle user

ABSTRACT

A system includes a vehicle, a vehicle communications platform (VCP), and an in-vehicle biometric system. The VCP is programmed to recognize a sequence of events. The sequence of events includes a transmission of the vehicle shifting from drive to park, an engine of the vehicle is on, and the transmission of the vehicle shifting back from park to drive. The VCP is further programmed to, in response to the sequence of events, monitor a distance that the vehicle travels or monitor a time since an occurrence of the sequence of events, and to instruct the in-vehicle biometric system to enter an authentication mode after a set time has passed since the occurrence of the sequence of events or after the vehicle has traveled a set distance since the occurrence of the sequence of events. The in-vehicle biometric system is responsive to instructions from the VCP and initiates an authentication routine.

TECHNICAL FIELD

The present disclosure relates generally to authenticating a vehicleuser.

BACKGROUND

Many consumer electronic devices are equipped with biometriccapabilities that allow the devices to identify the user. Biometrics aremeasurements based on distinctive human characteristics. Biometrics canbe used to identify a potential user of a device and to grant orrestrict access to the device based on the identity of the user.

SUMMARY

A system for authenticating a vehicle user is disclosed herein. Anexample of the system includes a vehicle, a vehicle communicationsplatform, and an in-vehicle biometric system. The vehicle communicationsplatform is programmed to recognize a sequence of events. The sequenceof events includes a transmission of the vehicle shifting from drive topark, an engine of the vehicle is on, and the transmission of thevehicle shifting back from park to drive. The vehicle communicationsplatform is further programmed to, in response to the sequence ofevents, monitor a distance that the vehicle travels after the occurrenceof the sequence of events or monitor a time since an occurrence of thesequence of events, and to instruct the in-vehicle biometric system toenter an authentication mode after a set time has passed since theoccurrence of the sequence of events or after the vehicle has traveled aset distance since the occurrence of the sequence of events. Thein-vehicle biometric system is responsive to instructions from thevehicle communications platform and initiates an authentication routine.

Another example of the system for authenticating a vehicle user includesa vehicle, a vehicle communications platform, and an in-vehiclebiometric system. The vehicle communications platform is programmed tomonitor for an occurrence of a pre-set driving event during a vehicletrip and instruct an in-vehicle biometric system to reenter anauthentication mode after recognizing that the pre-set driving event hasoccurred. The in-vehicle biometric system is programmed to initiate anauthentication routine at a beginning of the vehicle trip, and toinitiate a subsequent authentication routine in response to instructionsfrom the vehicle communications platform indicating that the pre-setdriving event has occurred.

Still another example of the system for authenticating a vehicle userincludes a vehicle state switch responsive to a user input and anin-vehicle biometric system. The vehicle state switch identifies apredefined driving group to which the vehicle user belongs as either asmall group or a large group. The in-vehicle biometric system includesan acquisition device and a microprocessor. The acquisition devicecollects a biometric sample from the vehicle user. When the vehiclestate switch identifies the predefined driving group as a small group,the microprocessor runs a local biometric comparison routine on thebiometric sample. When the vehicle state switch identifies thepredefined driving group as a large group, the microprocessor transmitsthe biometric sample to an off-board server for authentication.

BRIEF DESCRIPTION OF THE DRAWING

Features of examples of the present disclosure will become apparent byreference to the following detailed description and drawing, in whichlike reference numerals correspond to similar, though perhaps notidentical, components.

FIG. 1 is a schematic view of an example of a system for authenticatinga vehicle user.

DETAILED DESCRIPTION

Examples of the system disclosed herein utilize biometric authenticationtechnology. Biometric authentication technology refers to technologythat can verify a user's identity based on distinctive humancharacteristics. As an example, the verification time of biometricauthentication technology may be from about 1 second to about 3 seconds.Examples of biometric authentication technology include fingerprintrecognition technology, palm print recognition technology, hand geometryrecognition technology, retina recognition technology, iris recognitiontechnology, facial mapping technology, signature recognition technology,voice recognition technology, vein recognition technology, DNArecognition technology, and ear geometry recognition technology.

In the examples disclosed herein, the vehicle includes an in-vehiclebiometric system equipped with hardware that supports the biometricauthentication technology. The in-vehicle biometric system is able toinitiate and run an authentication routine. In some examples, thein-vehicle biometric system initiates and runs an authentication routinein response to instructions from the vehicle communications platformafter a set time has passed since the occurrence of a sequence of eventsand/or after the vehicle has traveled a set distance since theoccurrence of the sequence of events. The sequence of events includes atransmission of the vehicle shifting from drive to park, an engine ofthe vehicle is on, and the transmission of the vehicle shifting backfrom park to drive. In other examples, the in-vehicle biometric systeminitiates and runs an authentication routine at a beginning of thevehicle trip, and initiates a subsequent authentication routine inresponse to instructions from the vehicle communications platformindicating that a pre-set driving event has occurred. In still otherexamples, the in-vehicle biometric system initiates and runs anauthentication routine when a vehicle state switch identifies apredefined driving group as a small group, and when the vehicle stateswitch identifies the predefined driving group as a large group, thein-vehicle biometric system transmits the biometric sample to anoff-board server for authentication.

Referring now to FIG. 1, an example of a system 10 for authenticating avehicle user is depicted. In one example, the system 10 includes thevehicle 12, the in-vehicle biometric system 14, and the vehiclecommunications platform (VCP) 16. In another example, the system 10includes the vehicle 12, the in-vehicle biometric system 14, a vehiclestate switch 18, and a server 22.

In the examples disclosed herein, the vehicle 12 may be a car,motorcycle, truck, or recreational vehicle (RV). The vehicle 12 isequipped with suitable hardware and computer readable instructions/codethat allow it to communicate (e.g., transmit and/or receive voice anddata communications) with the server 22.

At least some of the hardware and computer readable instructions/codeare embodied in the VCP 16. In an example, the VCP 16 is an on-boardvehicle dedicated communications and entertainment device. In anotherexample (not shown), the VCP 16 is an on-board vehicle dedicatedcommunications device (e.g., a telematics unit), and the vehicle 12includes a separate on-board vehicle dedicated entertainment device(e.g., an infotainment unit). Whether integrated into a single unit(e.g., VCP 16) or included as separate units, the on-board vehiclededicated communications and entertainment device(s) include hardwarecomponents that are capable of running computer readableinstructions/code 28, which are embodied on non-transitory, tangiblecomputer readable media.

The VCP 16 may provide a variety of services. One example of theseservices includes the VCP 16 recognizing a sequence of events,monitoring the distance that the vehicle 12 travels after occurrence ofthe sequence of events and/or the time since an occurrence of thesequence of events, and instructing the in-vehicle biometric system 14to enter an authentication mode after a set time has passed since theoccurrence of the sequence of events and/or after the vehicle 12 hastraveled a set distance since the occurrence of the sequence of events.Another example of these services includes the VCP 16 monitoring for anoccurrence of a pre-set driving event during a vehicle trip, andinstructing the in-vehicle biometric system 14 to reenter anauthentication mode after recognizing that the pre-set driving event hasoccurred. Several other examples of the services may include, but arenot limited to: turn-by-turn directions and other navigation-relatedservices provided in conjunction with a location detection unit; airbagdeployment notification and other emergency or roadsideassistance-related services provided in connection with various sensorinterface modules 40 and sensors 42 located throughout the vehicle 12;and infotainment-related services where music, Web pages, movies,television programs, videogames and/or other content is downloaded bythe VCP 16 via a vehicle bus system 36 and an audio bus system (notshown). The listed services are by no means an exhaustive list of allthe capabilities of the VCP 16, but are simply an illustration of someof the services that the VCP 16 is capable of offering.

The VCP 16 may be used for vehicle communications. In some instances,vehicle communications are enabled through the VCP 16 via acommunications module 30, which includes a cellular chipset/component 32for voice communications and a data transmission system 34 for datatransmission. The cellular chipset/component 32 of the VCP 16 may be ananalog, digital, dual-mode, dual-band, multi-mode and/or multi-bandwireless transceiver. The cellular chipset/component 32 uses one or moreprescribed frequencies in standard analog and/or digital bands in thecurrent market for cellular systems. Any suitable protocol may be used,including digital transmission technologies, such as TDMA (time divisionmultiple access), CDMA (code division multiple access), W-CDMA (widebandCDMA), FDMA (frequency-division multiple access), OFDMA (orthogonalfrequency-division multiple access), etc.

In an example, the data transmission system 34 may include a packetbuilder, which is programmed to make decisions about what packet to send(e.g., bandwidth, data to include, etc.) and to actually build a packetdata message. In another example, the data transmission system 34 mayinclude a wireless modem, which applies some type of encoding ormodulation to convert the digital data so that it can communicatethrough a vocoder or speech codec incorporated in the cellularchipset/component 32. It is to be understood that any suitable encodingor modulation technique that provides an acceptable data rate and biterror may be used with the examples disclosed herein. While exampleshave been provided, it is to be understood that any suitable datatransmission system 34 may be used.

The VCP 16 also includes an electronic processing device 24 operativelycoupled to one or more types of electronic memory 26. In an example, theelectronic processing device 24 is a microprocessor. In other examples,the electronic processing device 24 may be a micro controller, acontroller, and/or a host processor. In another example, electronicprocessing device 24 may be an application specific integrated circuit(ASIC). The electronic memory 26 of the VCP 16 may be an encryptedmemory that is configured to store i) computer readableinstructions/code 28 to be executed by the processor 24, ii) dataassociated with the various systems of the vehicle 12 (i.e., vehicledata, VIN, etc.), iii) biometric sample templates, and/or the like. Theelectronic memory 26 may be a non-transitory, tangible computer readablemedia (e.g., RAM).

The VCP 16 is operatively connected to the vehicle bus system 36. Thevehicle bus system 36 may utilize a variety of networking protocols,such as a controller area network (CAN), a media oriented systemtransfer (MOST), a local interconnection network (LIN), an Ethernet,TCP/IP, and other appropriate connections such as those that conformwith known ISO, SAE, and IEEE standards and specifications, to name afew. The vehicle bus system 36 enables the vehicle 12 to send signals(e.g., real-time bus messages) from the VCP 16 to various units ofequipment and systems (e.g., the in-vehicle biometric system 14). Thevehicle bus system 36 also enables the vehicle 12 to receive signals atthe VCP 16 from various units of equipment and systems (e.g., vehiclesensors 42). An example of a signal received by the VCP 16 throughvehicle bus 36 includes data received by the vehicle sensors 42indicating that the transmission (not shown) of vehicle 12 has shiftedfrom drive into park or from park into drive. An example of a signaltransmitted by the VCP 16 through the vehicle bus 36 includes aninstruction to the in-vehicle biometric system 14 to initiate anauthentication routine.

The VCP 16 (as shown in FIG. 1) may also include other components, suchas, for example, a location detection unit 44 and a real-time clock 46.

The location detection unit 44 may include a GPS receiver, a radiotriangulation system, a dead reckoning position system, and/orcombinations thereof. In particular, a GPS receiver provides accuratetime and latitude and longitude coordinates of the vehicle 12 responsiveto a GPS broadcast signal received from a GPS satellite constellation(not shown). The location detection unit 44 may also include, forexample, Glonass (i.e., global navigation satellite system), Sbas (i.e.,satellite-based augmentation systems), or a D-GPS (differential globalpositioning system). The location detection chipset/component 44 may ormay not be part of an in-vehicle navigation unit. In an example, thelocation detection unit 44 may provide location information for the VCP16 to monitor the distance that the vehicle 12 has traveled after anoccurrence of a sequence of events.

The real-time clock (RTC) 46 provides accurate date and time informationto the VCP 16 hardware and software components that may require and/orrequest date and time information. In an example, the RTC 46 may providetime and/or date information for the VCP 16 to monitor the time since anoccurrence of a sequence of events.

As illustrated in FIG. 1, the vehicle 12 may also include other vehiclesystems that are directly or indirectly connected to the vehicle bussystem 36. Example of these other vehicle systems may include sensorinterface modules 40 and a user interface 38.

The vehicle sensors 42 may be operatively connected to and controlled bysensor interface modules 40, which are operatively connected to thevehicle bus system 36. The vehicle sensors 42 may be used to receivedata about the state of the transmission (not shown) and engine (notshown) of the vehicle 12. The vehicle sensors 42 may also be used toreceive data about the occurrence of a pre-set driving event.

The user interface 38 is operatively connected to the vehicle bus system36. The user interface 38 allows a vehicle user to input information andcommands to the vehicle 12 and receive information from the vehicle 12.The user interface 38 may be any command-driven user interface or anymenu-driven interface. In an example, the user interface 38 is agraphical user interface (GUI). In another example, the user interface38 is a human machine interface (HMI). The user interface 38 may includea display (not shown), a speaker (not shown), and/or a microphone (notshown). In an example, a vehicle user may use the user interface 38 toset a pre-set driving event. In another example, a vehicle user may usethe user interface 38 to set the vehicle state switch 18 so that thevehicle state switch 18 identifies the predefined driving group as asmall group or a large group.

The vehicle 12 also includes the in-vehicle biometric system 14. Thein-vehicle biometric system 14 runs authentication routines to determinewhether a vehicle user is an authorized user or an unauthorized user.The in-vehicle biometric system 14 includes an acquisition device 20 anda computing device 21. The acquisition device 20 collects a biometricsample from the vehicle user, and the computing device 21 determineswhether the vehicle user is an authorized user or an unauthorized user.The acquisition device 20 is a separate from the VCP 16, but is incommunication with the VCP 16. In one example, the computing device 21is a standalone device in the vehicle 12 in communication with the VCP16 (through the vehicle bus 36). In another example, the computingdevice 21 is integrated into the VCP 16 as software that is executed bythe hardware (e.g., processor 24) of the VCP 16. In still anotherexample the computing device 21 is hosted on the server 22. In stillother examples, the computing device 21 may include two separatedevices, one of which may be located on the vehicle 12 (either as astandalone device or resident within the VCP 16) and the other of whichmay be hosted on the server 22 so that the system 10 may run either alocal comparison routine or a remote comparison routine on the biometricsample collected by the acquisition device 20.

It is to be understood that the type of acquisition device 20 used inthe in-vehicle biometric system 14 may vary based on the type ofbiometric authentication technology used. In some examples, theacquisition device 20 may be a camera, a scanner, a signature pad, amicrophone, a DNA sample extractor, or a combination thereof.

The computing device 21 includes an electronic processing device 24′operatively coupled to one or more types of electronic memory 26′. Theelectronic processing device 24′ of the computing device 21 may besimilar to the processor 24 of the VCP 16, and is capable of executingthe computer readable instructions 28′ stored in the memory 26′, whichmay be similar to the electronic memory 26. In the examples disclosedherein, the computing device 21 is programmed to initiate and runauthentication routines. To perform these operations, the computingdevice 21 executes computer readable instructions 28′ that are stored onthe memory 26′.

It is to be understood that before the in-vehicle biometric system 14may authenticate a vehicle user, the vehicle user must enroll his or herbiometric data. To begin enrollment, the acquisition device 20 collectsa biometric sample from the vehicle user. The acquisition device 20 maycollect the biometric sample in response to an instruction from theelectronic processing device 24′ of the computing device 21. Then theelectronic processing device 24′ generates a biometric template from theraw data in the biometric sample collected from the vehicle user. Thebiometric template is a mathematical representation of the biometricsample. The electronic processing device 24′ generates the biometrictemplate through the process of feature extraction. During the featureextraction process, the electronic processing device 24′ applies anumber of algorithms to the raw biometric data to locate and encodedistinctive characteristics. Once the electronic processing device 24′generates the biometric template, the biometric template is stored onthe electronic memory 26′ and/or in a database 68. The biometrictemplate created during the enrollment process is referred to herein asthe stored template.

Once the in-vehicle biometric system 14 has created and saved the storedtemplate for a vehicle user, the in-vehicle biometric system 14 mayauthenticate the vehicle user. To begin authentication, the acquisitiondevice 20 collects a biometric sample from the vehicle user. Theacquisition device 20 may collect the biometric sample in response to aninstruction from the electronic processing device 24′ of the computingdevice 21. The electronic processing device 24′ generates a biometrictemplate from the raw data in the biometric sample collected from thevehicle user through the feature extraction process. The biometrictemplate created during the authentication process is the live template.Then the electronic processing device 24′ compares the stored templateto the live template using comparison algorithms. The electronicprocessing device 24′ generates a score for the comparison, and based onthat score the vehicle user is determined to be an authorized user or anunauthorized user. If the vehicle user is determined to an unauthorizeduser, the electronic processing device 24′ may transmit (e.g., throughthe VCP 16 or the bus 70 of the center 48) a notification to a liveadvisor or a notification platform of the center 48. The live advisor orthe notification platform (using additional logic) may than determine amessage recipient(s) and send a message to the message recipient(s)indicating that an unauthorized person is operating the vehicle 12. Ifthe vehicle user is determined to an authorized user, no notification issent and the vehicle user is able to use the vehicle 12.

When the computing device 21 is located on the vehicle 12 either as astandalone device or resident within the VCP 16, the computing device 21run a local comparison routine with the biometric sample collected bythe acquisition device 20 and onboard templates to authenticate thevehicle user. When the computing device 21 is hosted on the server 22,the VCP 16 sends the raw data from the biometric sample to the server22, and the server 22 acting as the computing device 21 will run aremote comparison routine with the biometric sample raw data andtemplates stored on the electronic memory 64 of the server 22 or in adatabase 68 to which the server 22 has access. As mentioned above, insome examples of the system 10, separate devices of the computing device21 may be located on the vehicle 12 (either as a standalone device orresident within the VCP 16) and hosted on the server 22 so that thesystem 10 may run either a local comparison routine or a remotecomparison routine on the biometric sample (e.g., in response to thevehicle state switch 18).

In the examples disclosed herein, the in-vehicle biometric system 14 mayuse any suitable biometric authentication technology or any suitablecombination of biometric authentication technology. Examples of suitablebiometric authentication technology include fingerprint recognitiontechnology, palm print recognition technology, hand geometry recognitiontechnology, retina recognition technology, iris recognition technology,facial mapping technology, signature recognition technology, voicerecognition technology, vein recognition technology, DNA recognitiontechnology, and ear geometry recognition technology.

The biometric authentication technology or combination of biometricauthentication technologies may be selected for use in the in-vehiclebiometric system 14 based on uniqueness (distinctiveness of theinformation content), permanence (sufficiently invariant over a certainperiod of time), universality (each individual should have the biometricfeature), measurability (simplicity of extraction), comparability(simplicity of comparison between two templates as one is stored and thesecond one is a live template), collectability (how well can theidentifiers be captured and quantified), invasiveness (the necessity ofintroducing an instrument into a body part), performance (accuracy,speed, security), circumvention (ability to fool the system), and/oruser acceptance (extent to which society is supporting of thetechnology). For example, DNA recognition technology may have a highinvasiveness as it may require a blood sample, but DNA has highpermanence as it doesn't change throughout the life of the individual,and it has high universality as everyone has DNA. As another example,facial mapping technology has a low invasiveness as the in-vehiclebiometric system 14 does not need to come in contact with the user, butit has medium permanence as a user's face changes with age.

The biometric authentication technology or combination of biometricauthentication technologies may also be selected based on hygienefactors, ease of use, factors that may increase errors, verificationtime, and/or potential issues with integrating the biometricauthentication technology into the automotive environment. Technologythat requires user contact with the acquisition device 20 may negativelyimpact the hygiene of the in-vehicle biometric system 14. Factors thatmay increase errors include dirt, aging, injury, lighting, noise, andsickness. Potential issues with integrating the biometric authenticationtechnology into the automotive environment may include space for theequipment needed to implement the technology and the use of gloves byvehicle users.

The biometric authentication technology or combination of biometricauthentication technologies may also be selected based on the falseacceptance rate (FAR), the false rejectance rate (FRR), the failure toenroll (FTE), and the sensor subject distance (SSD). The falseacceptance rate is the rate at which the biometric authenticationtechnology accepts an unauthorized user as an authorized person. In anexample, the false acceptance rate of the authentication technology isgreater than 0% to about 2%. The false rejectance rate is the rate atwhich the biometric authentication technology rejects an authorizedperson as an unauthorized person. In an example, the false rejectancerate of the authentication technology is greater than 0% to about 20%.The failure to enroll is the rate at which the biometric authenticationtechnology is unsuccessful in its attempts to create a template from aninput. The failure to enroll is typically defined by a minimum of threeattempts. In an example, the failure to enroll of the authenticationtechnology is greater than 0% to about 1%. The sensor subject distanceis the distance between the human biometric part and the acquisitiondevice 20. In an example, the sensor subject distance is from 0 cm toabout 20 m.

In one example of the system 10, iris recognition technology is used.Iris recognition technology has a high uniqueness, permanence,universality, collectability, and performance; a medium measurability,comparability, invasiveness, and user acceptance; and a lowcircumvention. Iris recognition technology does not require contact withthe acquisition device 20 and is not affected by dirt, aging, injury,noise, or sickness. The average verification time of iris recognitiontechnology is about 2 seconds. In an example, the false acceptance rateof iris recognition technology is about 0.94%. In another example, thefalse rejectance rate of iris recognition technology is about 0.99%. Instill another example, the failure to enroll of iris recognitiontechnology is about 0.5%. In still another example, the sensor subjectdistance of iris recognition technology is about 30 cm. Iris recognitiontechnology is commercially available from manufactures, such as HOYOSLABS® and EYELOCK®.

In one example of the system 10, facial mapping technology is used.Facial mapping technology has a high universality, collectability, useracceptance, and ease of use; a medium uniqueness, permanence, andmeasurability; and a low invasiveness. Facial mapping technology doesnot require contact with the acquisition device 20 and is not affectedby dirt, noise, or sickness. The average verification time of facialmapping technology is about 3 seconds. In an example, the falseacceptance rate of facial mapping technology is about 1%. In anotherexample, the false rejectance rate of facial mapping technology is about20%. In still another example, the sensor subject distance of facialmapping is about 20 m. Facial mapping technology is commerciallyavailable from manufactures, such as MRA DIGITAL® and INTEL®.

In some examples, the vehicle 12 also includes the vehicle state switch18. The vehicle state switch 18 may be a combination of hardware andsoftware in communication with the VCP 16 (through the vehicle bus 36)or may be integrated into the VCP 16 as software that is executed by thehardware (e.g., processor 24) of the VCP 16. Whether a standalone deviceor resident within the VCP 16, the vehicle state switch 18 improves thefunction of the in-vehicle biometric system 14 by identifying apredefined driving group to which the vehicle user belongs as either asmall group or a large group. When the vehicle state switch 18identifies the predefined driving group as a small group, the in-vehiclebiometric system 14 (via electronic processing device 24′) runs a localbiometric comparison routine on the biometric sample. When the vehiclestate switch 18 identifies the predefined driving group as a largegroup, the in-vehicle biometric system 14 (via VCP 16) transmits thebiometric sample to the server 22 for authentication.

In an example the vehicle state switch 18 includes an electronicprocessing device 24″ operatively coupled to one or more types ofelectronic memory 26″. The electronic processing device 24″ of thevehicle state switch 18 may be similar to the processor 24 of the VCP16, and is capable of executing the computer readable instructions 28″stored in the memory 26″, which may be similar to the electronic memory26. In the examples disclosed herein, the vehicle state switch 18 isprogrammed to determine whether the predefined driving group to whichthe vehicle user belongs is a small group or a large group, and toinstruct the VCP 16 accordingly. To perform these operations, thevehicle state switch 18 executes computer readable instructions 28″ thatare stored on the memory 26″.

The memory 26″ may also store predefined settings that define the smallgroup. The vehicle user may define these settings by inputting whichindividuals are authorized members of the small group. When setting upthe small group, the vehicle user may select members from the largegroup (e.g., whose existing authorized biometrics are stored off boardthe vehicle 12). The stored templates for the selected members may thenbe requested and/or received by the vehicle 12 from the server 22 andsaved on the electronic memory 26′. Alternatively, the vehicle user maycreate the small group locally (i.e., in the vehicle 12). In thisexample, the vehicle user may be prompted to collect a biometric samplefrom each of the members that he/she wishes to include in the smallgroup. These samples are stored templates for the members of the smallgroup. Any individual outside of the small group may be considered to bea part of the large group, and stored templates for the members of thelarge group may be stored off board the vehicle 12.

It is to be understood that the vehicle state switch 18 is responsive toa user input. In some examples, the user input is entered by the vehicleuser at the user interface 38. In other examples, the vehicle stateswitch 18 is a physical button in the vehicle 12. The user may push thebutton to set the vehicle state switch 18 to identify the predefineddriving group as either the small group or the large group. In stillother examples, the user input is entered at a remote computing device74. The remote computing device 74 may then transmit the user input tothe VCP 16. When identifying the predefined driving group, the user willselect the group that the then-current driver is a part of. For example,if the then-current driver is the user's wife, and she is a member ofthe small group, the user may select the small group as the predefineddriving group. For another example, if the then-current driver is amember of a car share program and thus a member of the large group, theuser may select the large group as the predefined driving group.

The remote computing device 74 may be any computing device, including asmart phone, such as a GSM/LTE phone or a GSM/CDMA/LTE phone. In otherexamples, the remote computing device 74 may be any remote computingdevice that has a remote computing device communication platform 76.Examples of other remote computing devices 74 include a wearable device(e.g., smart bracelet, smart watch, helmet, etc.), a tablet computer,etc., each of which may be, for example, GPS, cellular/Internet wirelesscommunication enabled, and short-range wireless communication enabled.

The remote computing device 74 may include a communications module 78,physical hardware (e.g., a microprocessor 80), and computer readableinstructions 84 stored in an electronic memory 82 to enable it totransmit the user input to the VCP 16. The microprocessor 80 of theremote computing device 74 may be similar to the processor 24 of thevehicle 12, and is capable of executing the computer readableinstructions 84 stored in the memory 82, which may be similar to theelectronic memory 26.

As shown in FIG. 1, some examples of the system 10 include a server 22which may be part of a center 48 that provides back-end services to thevehicle 12. In some of the examples disclosed herein, phone calls and/ordata (e.g., biometric sample data, etc.) may be transmitted to, from,and/or between communication component(s) of the vehicle 12 and theserver 22 using the carrier/communication system 50. Some of thesecommunication links between the various components are shown aslightning bolts and arrows in FIG. 1.

In an example, the carrier/communication system 50 is a two-way radiofrequency (RF) communication system. The carrier/communication system 50may include one or more cell towers 52 or satellites (not shown). It isto be understood that the carrier/communication system 50 may alsoinclude one or more base stations and/or mobile switching centers (MSCs)54 (e.g., for a 2G/3G network), one or more evolved Node Bs (eNodeB) andevolved packet cores (EPC) 56 (for a 4G (long-term evolution, LTE)network), and/or one or more land networks 58. The carrier/communicationsystem 50 may be part of a cellular radio environment or a satelliteradio environment, which may include a variety of wireless networkproviders (which include mobile network operator(s), not shown),utilizing the same or a variety of radio access technologies. Whileseveral examples have been provided, it is to be understood that thearchitecture of the wireless carrier/communication system 50 may be GSM(global system for mobile telecommunications), CDMA2000, UMTS (universalmobile telecommunications system), LTE, or some other availablearchitecture.

An Internet connection may also be utilized for the transmission ofmessage(s), biometric sample data, etc. In this example, thetransmission of the message(s), biometric sample data, etc. may be madeusing the carrier/communication system 50, through the vehicle'sInternet connection (e.g., when the vehicle 12 is equipped with a 4Glong-term evolution, LTE, or other suitable Internet connection),through the Internet connection of a mobile communications device (e.g.when the mobile communications device is equipped with 4G long-termevolution, LTE, or other suitable Internet connection and is capable ofacting as a secure hotspot), or through any other suitable Internetconnection (e.g. when the vehicle 12 can securely connect to a hotspot).

The vehicle 12 is equipped with suitable hardware and computer readableinstructions/code 28 that allow the vehicle 12 to communicate (e.g.,transmit and/or receive voice and data communications) over thecarrier/communication system 50. Using the communications module 30, thevehicle 12 is capable of making cellular or satellite connections and/orInternet connections (over the wireless carrier/communication system50).

The vehicle 12 may use the VCP 16 for vehicle communications over thecarrier/communication system 50. The vehicle communications utilizeradio or satellite transmissions to establish a voice channel with thecarrier/communication system 50 such that both voice and datatransmissions may be sent and received over the voice channel. In someinstances, vehicle communications are enabled through the VCP 16 via thecommunications module 30.

The vehicle 12 may be in communication with the server 22, which is partof the center 48. As an example, the vehicle 12 may transmit biometricsample data (as received by the acquisition device 20) to the server 22as a data message using the data transmission system 34 and the wirelesscarrier/communication system 50. As another example, the vehicle 12 maycommunicate with the server 22 in order to receive data indicatingwhether the user is an authorized user or an unauthorized user.

It is to be understood that the center 48 shown in FIG. 1 may bevirtualized and configured in a Cloud Computer, that is, in anInternet-based computing environment. For example, the server 22 (andother computing equipment) may be accessed as a Cloud platform service,or PaaS (Platform as a Service), utilizing Cloud infrastructure ratherthan hosting server 22 at the center 48. In these instances, the server22 (and other center 48 components) may be virtualized as a Cloudresource. The Cloud infrastructure, known as IaaS (Infrastructure as aService), typically utilizes a platform virtualization environment as aservice, which may include components such as processor(s) 60, 66,server 22, and other computer equipment. In an example, the real-timeservices performed by the server 22 disclosed herein may be performed inthe Cloud via the SaaS (Software as a Service).

The server 22 may be a system of computer hardware and computer readableinstructions that is capable of supplying the vehicle 12 with data,which the VCP 16 of the vehicle 12 may use to determine if the vehicleuser is an authorized user or an unauthorized user.

As shown in FIG. 1, the server 22 includes the processor 60, and thecenter 48 may also include additional processor(s) 66. The processors60, 66 may be a controller, a host processor, an ASIC, or a processorworking in conjunction with a central processing unit (CPU). Theprocessor 60 is capable of executing the computer readable instructionsthat are stored on the electronic memory 64.

The server 22 also includes a server communication transceiver 62 thatmay be in selective communication with the VCP 16. The servercommunication transceiver 62 may be any suitable data transmissionsystem that is capable of sending and/or receiving data communicationsover the carrier/communication system 50. For example, the servercommunication transceiver 62 is capable of receiving the biometricsample data from the VCP 16 of the vehicle 12. The server communicationtransceiver 62 can also transmit data indicating whether the user is anauthorized user or an unauthorized user to the vehicle 12.

The database(s) 68 may be designed to store vehicle record(s),subscriber/user profile records, or any other pertinent subscriberand/or vehicle information. In an example, the database(s) 68 may beconfigured to store the user profile, which may contain personalinformation of the subscriber (e.g., the subscriber's name, storedbiometric template, a billing address, a home phone number, a cellularphone number, etc.) and/or information of the vehicle 12 (e.g.,identification number, etc.). It is to be understood that the databases68 may allow the center 48 to function as a repository for datacollected from the vehicle 12. In some instances, another facility mayfunction as a repository for the collected data (e.g., a customerrelationship management system (not shown) associated with the center 48whose database(s) 68 the server 22 can access).

As illustrated in FIG. 1, the various center components may be coupledto one another via a network connection or bus 70 such as one similar tothe vehicle bus 36 previously described.

In addition to the server 22, the center 48 may also include othercomponents, such as additional processor(s) 66 and/or switch(es) 72. Insome instance, the center 48 may also include advisor(s) (not shown).The additional processor(s) 66, which may be used in conjunction withtelecommunication and computer equipment (not shown), may generally beequipped with suitable software and/or programs enabling theprocessor(s) 66 to accomplish a variety of center functions or tasks.The telecommunication and computer equipment (including computers) mayinclude a network of servers (including server 22) coupled to bothlocally stored and remote databases (e.g., database 68) of anyinformation processed. The switch(es) 72 may be private branch exchange(PBX) switch(es). The switch 72 routes incoming signals so that voicetransmissions are usually sent to either a live advisor or an automatedresponse system, and data transmissions are passed on to a modem orother piece of equipment (e.g., a communications module) fordemodulation and further signal processing. Biometric sample data fromthe vehicle 12 may be transmitted to the server 22.

In one example of the system 10, the VCP 16 is programmed to recognize asequence of events. The sequence of events includes the transmission(not shown) of the vehicle 12 shifting from drive to park, the engine(not shown) of the vehicle 12 is on, and the transmission (not shown) ofthe vehicle 12 shifting back from park to drive. This sequence of eventsmay occur, for example, when the vehicle 12 is being parked by a valet,when the user is sitting in a line (e.g., drive-through, toll-way,etc.), or the like. The VCP 16 may recognize the occurrence of thesequence of events because of signals received through the vehicle bus36 from the sensor interface module(s) 40. The sensors interfacesmodule(s) 40 may send signals indicating that the sequence of events hasoccurred to the VCP 16 because of data received by the vehicle sensors42 indicating that the sequence of events has occurred. For example, apowertrain module may recognize that the transmission has been switchedfrom one gear to another, that the engine remains on, and thattransmission has been switched back. In this example, the powertrainmodule recognizes that the sequence of events has occurred and transmitsa signal to the VCP 16 that indicates that the sequence of events hasoccurred. This signal may include a time stamp for the sequence ofevents.

In this example, once the VCP 16 recognizes that the sequence of eventshas occurred, the VCP 16 is programmed to monitor the distance that thevehicle 12 travels after the occurrence of the sequence of events and/orto monitor the time since an occurrence of the sequence of events. TheVCP 16 may monitor the distance that the vehicle 12 travels using thelocation detection unit 44, and the VCP 16 may monitor the time usingthe real-time clock 46. Once the VCP 16 has determined that a set timehas passed and/or that the vehicle 12 has traveled a set distance, theVCP 16 instructs the in-vehicle biometric system 14 to enter anauthentication mode. In one example, the set time ranges from about 5minutes to about 5 hours. In another example, the set time is at least10 minutes. In still another example the set distance ranges from about0.1 miles to about 5 miles.

In this example, the in-vehicle biometric system 14 is responsive toinstructions from the VCP 16 and initiates an authentication routine.When running the authentication routine, the in-vehicle biometric system14 will prompt the then-current driver to input a biometric sample usingthe acquisition device 20, and the collected live template will becompared with stored templates in the memory 26′ in order toauthenticate the then-current driver. In this example, the storedtemplates are those previously defined as authorized vehicle operators.In one example, the authentication routine is a local comparison routinerun with the computing device 21 of the in-vehicle biometric system 14located on the vehicle 12. In another example, the authenticationroutine is a remote comparison routine with the computing device 21 ofthe in-vehicle biometric system 14 hosted on the server 22. With theremote authentication routine, the live template is transmitted to theserver 22 for comparison and authentication.

When the then-current driver is authenticated, the user can continue tooperate the vehicle 12. When the then-current driver is notauthenticated, a message may be sent from the VCP 16 to the vehicleowner indicating that a non-authorized person is operating his/hervehicle.

The previously described example involving the recognition of thesequence of events may be useful, for example, when the vehicle driveris using a valet. If the valet takes the vehicle 12 out for a drive andthe set time and/or set distance is surpassed, the authenticationroutine will initiate. Since the valet's biometrics are not likely partof the stored templates of authorized vehicle operators, a message willbe sent to the vehicle owner (e.g., through his/her mobile device)indicating that a non-authorized person is operating his/her vehicle.

In another example of the system 10, the vehicle user may set a pre-setdriving event. The pre-set driving event may be any event that may occurduring a vehicle trip. For example, the pre-set driving event may bechanging the radio station to a set station, entering a set location, orachieving a set speed. The pre-set driving event may be entered by thevehicle user at the user interface 38. The vehicle user may inputmultiple pre-set driving events, which may be stored in the memory 26.

The VCP 16 is programmed to monitor for an occurrence of the pre-setdriving event(s) during the vehicle trip. The VCP 16 may recognize theoccurrence of a pre-set driving event because of signals receivedthrough the vehicle bus 36 from the sensor interface module(s) 40. Thesensor interface module(s) 40 may send signals indicating that thepre-set driving event has occurred to the VCP 16 because of datareceived by the vehicle sensors 42 indicating that the pre-set drivingevent has occurred. As examples, the infotainment module of the VCP 16may recognize that a particular radio station has been selected, thelocation detection unit 44 may recognize that a particular geographicregion has been entered, and a body control module connected to thespeedometer may recognize that the set speed has been reached. Each ofthese modules/units may send a signal to the VCP 16 indicating theoccurrence of the driving event.

In this example, once the VCP 16 has determined that a pre-set drivingevent has occurred, the VCP 16 instructs the in-vehicle biometric system14 to reenter an authentication mode. The in-vehicle biometric system 14is programmed to initiate an authentication routine at a beginning ofthe vehicle trip, and to initiate a subsequent authentication routine inresponse to instructions from the VCP 16 indicating that the pre-setdriving event has occurred. When running the subsequent authenticationroutine, the in-vehicle biometric system 14 will prompt the then-currentdriver to input a biometric sample using the acquisition device 20, andthe collected live template will be compared with stored templates inthe memory 26′ in order to authenticate the then-current driver. In thisexample, the stored templates are those previously defined as authorizedvehicle operators. In one example, the authentication routine is a localcomparison routine run with the computing device 21 of the in-vehiclebiometric system 14 located on the vehicle 12. In another example, theauthentication routine is a remote comparison routine with the computingdevice 21 of the in-vehicle biometric system 14 hosted on the server 22.With the remote authentication routine, the live template is transmittedto the server 22 for comparison and authentication.

By initiating the subsequent authentication routine, the VCP 16 canensure that the initially authenticated driver (i.e., at the beginningof the trip) is still operating the vehicle 12. When the then-currentdriver is authenticated, the user can continue to operate the vehicle12. When the then-current driver is either not authenticated or isrecognized as being a different driver than the initially authenticateddriver (i.e., at the beginning of the trip), a message may be sent fromthe VCP 16 to the vehicle owner (e.g., on his/her mobile device,indicating that a non-authorized or different person is operatinghis/her vehicle.

In still another example of the system 10, the vehicle user can set thevehicle state switch 18 to indicate a predefined driving group as eithera small group or a large group. The predefined driving group is thegroup of people who are authorized to drive the vehicle 12 at aparticular time. The user may set the vehicle state switch 18 toindicate that the predefined driving group is a small group when theuser, his or her family member(s), friend(s), etc. who are identified aspart of the small group will be driving the vehicle 12. The user mayselect the small group when he/she knows that the driver has his/herstored template as part of the small group. The user may set the vehiclestate switch 18 to indicate that the predefined driving group is a largegroup when the person who will be driving the vehicle 12 is not a memberof the small group, for example, when the vehicle 12 is to be used incar sharing (i.e., pre-approved members renting the vehicle 12 for smallperiods of time (e.g., by the hour)), when the vehicle 12 is part of acompany fleet (i.e., the vehicle 12 is part of a group of vehicles ownedby a company for use by its employees), or the like. The vehicle stateswitch 18 may be set by the user with the user interface 38, the remotecomputing device 74, or a physical button within the vehicle 12. As oneexample of a user's large group and small group, the large group may beall the authorized drivers participating in a company car program andthe small group may be the family of the user that is assigned to aparticular vehicle in the company car program. As another example of auser's large group and small group, the large group may be all theauthorized drivers in a national dealer demo fleet and the small groupmay be the approved drivers at a specific dealership.

In this example, the vehicle state switch 18 is in communication withthe computing device 21, part of which is located on the vehicle 12(either as a standalone device or resident within the VCP 16) and partof which is hosted on the server 22, so that when the in-vehiclebiometric system 14 initiates an authentication routine, the in-vehiclebiometric system 14 is responsive to the vehicle state switch 18. Theacquisition device 20 collects a biometric sample from the vehicle user.When the vehicle state switch 18 identifies the predefined driving groupas a small group, the electronic processing device 24′ of the computingdevice 21 runs a local biometric comparison routine on the biometricsample. The local biometric comparison routine compares the livetemplate with the stored templates of the members of the small group,which are stored in the onboard memory 26′ at the in-vehicle biometricsystem 14. When the vehicle state switch 18 identifies the predefineddriving group as a large group, the electronic processing device 24′transmits the biometric sample to the server 22 for authentication. Thenthe processor 60 of the server 22 runs a remote biometric comparisonroutine on the biometric sample. The remote biometric comparison routinecompares the live template with the stored templates of the members ofthe large group, which are stored in the off-board memory 26′ at theserver 22. Since the large group has more members, most or all of whichare unaffiliated with the vehicle owner, a larger and richer set ofstored templates can be stored for comparison by the off-board memory26′ at the server 22.

It is to be understood that the term “communication” as used herein isto be construed to include all forms of communication, including directand indirect communication. Indirect communication may includecommunication between two components with additional component(s)located therebetween.

Further, the terms “connect/connected/connection” and/or the like arebroadly defined herein to encompass a variety of divergent connectedarrangements and assembly techniques. These arrangements and techniquesinclude, but are not limited to (1) the direct communication between onecomponent and another component with no intervening componentstherebetween; and (2) the communication of one component and anothercomponent with one or more components therebetween, provided that theone component being “connected to” the other component is somehow inoperative communication with the other component (notwithstanding thepresence of one or more additional components therebetween).

It is to be understood that the ranges provided herein include thestated range and any value or sub-range within the stated range. Forexample, a range from about 5 minutes to about 5 hours should beinterpreted to include not only the explicitly recited limits of fromabout 5 minutes to about 5 hours, but also to include individual values,such as 25 minutes, 3.75 hours, 4 hours etc., and sub-ranges, such asfrom about 1.5 hours to about 4 hours, etc. Furthermore, when “about” isutilized to describe a value, this is meant to encompass minorvariations (up to +/−10%) from the stated value.

Reference throughout the specification to “one example”, “anotherexample”, “an example”, and so forth, means that a particular element(e.g., feature, structure, and/or characteristic) described inconnection with the example is included in at least one exampledescribed herein, and may or may not be present in other examples. Inaddition, it is to be understood that the described elements for anyexample may be combined in any suitable manner in the various examplesunless the context clearly dictates otherwise.

In describing and claiming the examples disclosed herein, the singularforms “a”, “an”, and “the” include plural referents unless the contextclearly dictates otherwise.

While several examples have been described in detail, it is to beunderstood that the disclosed examples may be modified. Therefore, theforegoing description is to be considered non-limiting.

The invention claimed is:
 1. A system for authenticating a vehicle userof a vehicle, comprising: an in-vehicle biometric system; and a vehiclecommunications platform programmed to: recognize, while the vehicle ison, a sequence of events including a transmission of the vehicle hasshifted from drive to park, an engine of the vehicle is on, and thetransmission of the vehicle has been shifted back from park to drive; inresponse to the sequence of events, monitor a time since an occurrenceof the sequence of events; and in response to determining that the timesince the occurrence of the sequence of events is at least a set time,instruct the in-vehicle biometric system to initiate an authenticationroutine, wherein the in-vehicle biometric system initiates theauthentication routine in response to the instruction.
 2. The system asdefined in claim 1 wherein the in-vehicle biometric system includes: anacquisition device to collect a sample from the vehicle user in responseto the instruction from the vehicle communications platform; and amicroprocessor running a local comparison routine programmed to comparethe sample with onboard templates of a predefined group to authenticatethe vehicle user.
 3. The system as defined in claim 1 wherein the settime is between about 5 minutes and about 5 hours.
 4. The system asdefined in claim 1 wherein the vehicle communications platform isfurther programmed to: monitor a distance that the vehicle has travelledsince the occurrence of the sequence of events; and in response todetermining that the distance that the vehicle has travelled since theoccurrence of the sequence of events is at least a set distance,instruct the in-vehicle biometric system to initiate the authenticationroutine; and wherein the set distance is between about 0.1 miles andabout 5 miles.
 5. The system as defined in claim 1 wherein the set timeis between about 5 minutes and about 5 hours.
 6. The system as definedin claim 1 wherein the vehicle communications platform is furtherprogrammed to: monitor a distance that the vehicle has travelled sincethe occurrence of the sequence of events; and in response to determiningthat the distance that the vehicle has travelled since the occurrence ofthe sequence of events is at least a set distance, instruct thein-vehicle biometric system to initiate the authentication routine,wherein the set distance is between about 0.1 miles and about 5 miles.7. A system for authenticating a vehicle user, comprising: a vehiclecommunications platform, programmed to: monitor for an occurrence of apre-set driving event during a vehicle trip; and in response todetermining that the pre-set driving event has occurred, instruct anin-vehicle biometric system to initiate an authentication routine; andan in-vehicle biometric system, programmed to: initiate theauthentication routine at a beginning of the vehicle trip; and inresponse to the instruction to initiate the authentication routine madein response to the determination that the pre-set driving event hasoccurred, initiate a subsequent instance of the authentication routine,wherein the vehicle remains in an on state between the beginning of thevehicle trip and the determination that the pre-set driving event hasoccurred.
 8. The system as defined in claim 7, further comprising a userinterface to receive an input used to set the pre-set driving event. 9.The system as defined in claim 7 wherein the pre-set driving eventcomprises at least one of: changing a radio station to a set station,entering a set location, or achieving a set speed.
 10. A system forauthenticating a vehicle user of a vehicle, comprising: an in-vehiclebiometric system; and a vehicle communications platform configured to:receive a plurality of signals indicative of a sequence of events from aplurality of vehicle sensors; recognize, while the vehicle is on, anoccurrence of the sequence of events including a transmission of thevehicle has shifted from drive to park, an engine of the vehicle is on,and the transmission of the vehicle has shifted back from park to drive;in response to the occurrence of the sequence of events, monitor a timesince an occurrence of the sequence of events; and in response todetermining that the time since the occurrence of the sequence of eventsis at least a set time, instruct the in-vehicle biometric system toenter an authentication routine, wherein the in-vehicle biometric systeminitiates the authentication routine in response to the instruction, andwherein the vehicle communications platform is configured to send amessage to a vehicle owner indicating a non-authorized person isoperating the vehicle when, via the authentication routine, thein-vehicle biometric system determines that the vehicle user is notauthorized to operate the vehicle.
 11. The system as defined in claim 10wherein the in-vehicle biometric system includes: an acquisition deviceto collect a sample from the vehicle user in response to the instructionfrom the vehicle communications platform; and a microprocessor running alocal comparison routine programmed to compare the sample with onboardtemplates of a predefined group to authenticate the vehicle user.